UCMDB and UD Practitioners Forum (Previously CMS)
cancel

WMI Discovery Failure

SOLVED
Go to solution
Highlighted
Deantm
Trusted Contributor.

WMI Discovery Failure

Hey Peeps :-) ,

Having an issue with DDM (version 7.00) authenticating on 2 Windows 2008 R2 servers. When testing the credentials via the Check Credentials menu (WMI Protocol), the test is successful. When attempting to discover these via WMI, it fails and displays an error that says access denied--the wrapperProbe.log file shows the same: "access denied". Using a 3rd party WMI tool (CIMv2 Studio) works 100%. Also managed to successfully discover other 2008 servers 64 bit as well 32 bit; only having issues with these 2 servers. Any advice will be greatly appreciated?

 

P.S. This thread has been moved from Application Perf Mgmt (BAC / BSM) Support and News Forum to CMS and Discovery Support and News Forum. -HP Forum Moderator

3 REPLIES
Mario Morelli
Acclaimed Contributor.
Solution

Re: WMI Discovery Failure

Hi Dean

Please verify the following on those 2 servers.

Step 1. DCOM permission



1. Open Dcomcnfg

2. Expand Component Service -> Computers -> My computer

3. Go to the properties of My Computer

4. Select the COM Security Tab

5. Click on "Edit Limits" under Access Permissions, and ensure "Everyone" user group has "Local Access" and "Remote Access" permission.

6. Click on the "Edit Limit" for the launch and activation permissions, and ensure "Everyone" user group has "Local Activation" and "Local Launch" permission.

7. Highlight "DCOM Config" node, and right click "Windows Management and Instruments", and click Properties.

8.



Step 2. Permission for the user to the WMI namespace



1. Open WMImgmt.msc

2. Go to the Properties of WMI Control

3. Go to the Security Tab

4. Select "Root" and open "Security"

5. Ensure "Authenticated Users" has "Execute Methods", "Provider Right" and "Enable Account" right; ensure Administrators has all permission.



Step 3. Verify WMI Impersonation Rights



Click Start, click Run, type gpedit.msc, and then click OK.
Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
Expand Security Settings, expand Local Policies, and then click User Rights Assignment.
Verify that the SERVICE account is specifically granted Impersonate a client after authentication rights.


--Regards
--Mario
Deantm
Trusted Contributor.

Re: WMI Discovery Failure

Thanks Mario, was able to check these except for the last part: gpedit.msc as I was redployed to another customer site; but I will keep this info for future use; Many thanks for you repsonse. I found some additional info on this issue: When using a user with administrator privillege for uCMDB's discovery job using NTCMD and WMI protocols on Windows 2008 R2 servers, DDM probes could not connect to these machines . The error message was "Access Denied".
On the other hand. if customer changed the user to Administrator, the connection could be established.
This issue occurs only when the target server is Windows 2008 R2 (even DDM probe could connect to Windows 2008 successfully using the user with administrator privillege).



Solution



Create a OS user as built in user and set the registry as per below:
To disable UAC remote restrictions, follow these steps:
1. Click Start, click Run, type regedit, and then press ENTER.
2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
3. If the LocalAccountTokenFilterPolicy registry entry does not exist, follow these steps:
a. On the Edit menu, point to New, and then click DWORD Value.
b. Type LocalAccountTokenFilterPolicy, and then press ENTER.
1. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
2. In the Value data box, type 1, and then click OK.
3. Exit Registry Editor.
For more information, please visit: http://support.microsoft.com/?scid=kb;en-us;951016&x=14&y=10

Deantm
Trusted Contributor.

Re: WMI Discovery Failure

Closing the thread, will open a new one if problem persists as I am unable to further troubleshoot this issue.